β Monumental Supply-Chain Attack on Airlines Traced to State Actor β
π Read
via "Threat Post".
Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks.π Read
via "Threat Post".
π΄ Many Mobile Apps Intentionally Using Insecure Connections for Sending Data π΄
π Read
via "Dark Reading".
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.π Read
via "Dark Reading".
Dark Reading
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
π Friday Five 6/11 π
π Read
via "".
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 6/11
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!
π GNU Privacy Guard 2.2.28 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.28 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π nfstream 6.3.2 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.3.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-25401 βΌ
π Read
via "National Vulnerability Database".
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25385 βΌ
π Read
via "National Vulnerability Database".
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25397 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.π Read
via "National Vulnerability Database".
β Chrome zero-day, hot on the heels of Microsoftβs IE zero-day. Patch now! β
π Read
via "Naked Security".
Patch early. Patch often. Patch now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β ALPACA β the wacky TLS security vulnerability with a funky name β
π Read
via "Naked Security".
Don't panic - this isn't another Heartbleed. But it's a fascinating reminder of why doing things the easy way isn't always the best way.π Read
via "Naked Security".
Naked Security
ALPACA β the wacky TLS security vulnerability with a funky name
Donβt panic β this isnβt another Heartbleed. But itβs a fascinating reminder of why doing things the easy way isnβt always the best way.
β S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast]
Latest episode β listen now!
βΌ CVE-2021-25419 βΌ
π Read
via "National Vulnerability Database".
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29754 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5003 βΌ
π Read
via "National Vulnerability Database".
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25425 βΌ
π Read
via "National Vulnerability Database".
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.π Read
via "National Vulnerability Database".
β Cyberpunk 2077 Hacked Data Circulating Online β
π Read
via "Threat Post".
CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer.π Read
via "Threat Post".
Threat Post
Cyberpunk 2077 Hacked Data Circulating Online
CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer.
π1
π΄ Details Emerge on How Gaming Giant EA Was Hacked π΄
π Read
via "Dark Reading".
Hacking group stole source code to FIFA 21 and the company's Frostbite engine.π Read
via "Dark Reading".
π¦Ώ Fallout of EA source code breach could be severe, cybersecurity experts say π¦Ώ
π Read
via "Tech Republic".
Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA's death knell in the process.π Read
via "Tech Republic".
TechRepublic
Fallout of EA source code breach could be severe, cybersecurity experts say
Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA's death knell in the process.
βΌ CVE-2020-6000 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23136 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22913 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.π Read
via "National Vulnerability Database".